Guard uses the token found in TokenReview request object to get user’s information and list of groups this user is member of. In the TokenReview response, status.user.username, status.user.uid and status.user.groups are set to username, userid and groups found in token file.

Token file

Token file is a csv file containing four columns: token, username, user uid and group names. Group names column may be empty or contain multiple names. Token must be unique for each user.

Note: If you set up guard only for static token authentication , then you will need a client cert with Organization set to token-auth. if you set up guard for static token authentication and other auth provider (for example, --auth-providers="token-auth,github"), then at first guard will check for static token authentication if not succeeded then it will check for other provider. And for multiple auth providers, if you set permissions based on group names, then please be aware of same group name from different authenticators.

Take your team where it needs to go.

Create your cluster in minutes. Our team is here to help and would be happy to chat with you.